SecurityHome.eu Security vulnerability: Apache OpenMeetings 3.0.7 Arbitary File Read

Home / vulnerabilities PDF

Apache OpenMeetings 3.0.7 Arbitary File Read
Posted on 26 March 2016
Source : packetstormsecurity.org Link

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7

Description:
When attempting to upload a file via the API using the
importFileByInternalUserId
or importFile methods in the FileService, it is possible to read arbitrary
files from the system. This is due to that Java's URL class is used without
checking what protocol handler is specified in the API call.

All users are recommended to upgrade to Apache OpenMeetings 3.1.1

Credit: This issue was identified by Andreas Lindh

Apache OpenMeetings Team

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20